[pfSense] little problem with pfsense
Hi Everyone,

This is the first time I write a message here and maybe this is not the place; if I should write this in a forum please let me know…

I am a very happy user of pfSense but right now I have a little problem. Let me explain: I'm using the last stable version. I have the DHCP server enabled and some static leases for some of my hosts. Until here nothing special :) There are different domains in this network so I have to set different DNS servers and domain search suffixes. My hosts are heterogeneous: there are Win7, Win8, Mac, smartphones, tablets…

When I create a lease reservation in the DHCP settings and the machine connects, it obtains the right parameters, so everything is OK, but in fact it's NOT :( What happens (only for the Win7 hosts, the others are perfect, bad win7 nasty nasty): after a few seconds, and especially when you launch IE, Win7 seems to make some kind of new DHCP request although it already has its IP address, and then it loses all its specific parameters, DNS servers, DNS search suffix… it only keeps its IP and gateway address…

After a lot of searching I found it has to do with some kind of proxy search that initiates a new incomplete request, and when you add to your DHCP options « 252 \n », which basically says to Windows: stop asking, there is no proxy, period! Win7 keeps its good parameters, but sometimes it loses them again (I couldn't identify precisely when…).

The 252 option is a workaround, but the solution would be that dhcpd gives the whole parameters every time it is requested to, no? Is it a bug? Am I doing something wrong? Please, I really need help on this.

Best regards,

PS: Sorry for my English, I hope you'll understand me.

Jean-Laurent Ivars
Responsable Technique | Technical Manager
22, rue Robert - 13007 Marseille
Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30
Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
[pfSense] does it work ?
hello ? sorry for noise but not sure if it works…

Jean-Laurent Ivars
Re: [pfSense] does it work ?
Yes, we've received your messages.

2014-11-24 9:38 GMT-02:00 Jean-Laurent Ivars jl.iv...@ipgenius.fr:
> hello ? sorry for noise but not sure if it works…

-- 
Thiago Coutinho
The people should not fear the government. The government should fear the people. V for Vendetta
Re: [pfSense] little problem with pfsense
Just a hunch. Did you by any chance drop udp port 137/138 traffic between client and dhcp server? As in, is this traffic allowed? Try tcpdump and check for requests from a problem machine. You might block something win7 has decided it needs. MS tends to have strange/unexpected needs ;)

-lsf
Re: [pfSense] little problem with pfsense
> What happens (only for the Win7 hosts, the others are perfect, bad win7 nasty nasty): after a few seconds, and especially when you launch IE, Win7 seems to make some kind of new DHCP request

Just a hunch,

On the Windows 7 machine, go into Control Panel => Internet Options => Connections Tab => Lan Settings

Uncheck 'Automatically Detect Settings'

Doug
Re: [pfSense] little problem with pfsense
Well, thank you for your answer; this is exactly the same result as when I set option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection). But this is a workaround; the real question is why the DHCP server is not providing the right settings?

Jean-Laurent Ivars
Re: [pfSense] little problem with pfsense
Tcpdump and you will know the answer to that.

On 24 Nov 2014 13:35, Jean-Laurent Ivars jl.iv...@ipgenius.fr wrote:
> Well, thank you for your answer; this is exactly the same result as when I set option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection). But this is a workaround; the real question is why the DHCP server is not providing the right settings?
Re: [pfSense] little problem with pfsense
I'm so sorry but I don't see the answer…

1. I took the 252 option off the DHCP server
2. I ran ipconfig /renew on the host, then checked that the settings were correct
3. launched IE, then pressed random buttons, then closed it
4. I ran ipconfig /all and could see the parameters were back to the bad ones

If you can understand more than me, please tell me which line answers the question…

[2.1.5-RELEASE][r...@toto.tutu.fr]/root(5): tcpdump -i vtnet1 | grep -v ARP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet1, link-type EN10MB (Ethernet), capture size 96 bytes
14:09:24.779450 IP IPG1.tutu.local.bootpc firewall.ipgenius.fr.bootps: BOOTP/DHCP, Request from ee:b4:77:12:46:40 (oui Unknown), length 300
14:09:24.779680 IP firewall.ipgenius.fr.bootps IPG1.tutu.local.bootpc: BOOTP/DHCP, Reply, length 300
14:09:24.782818 IP IPG1.tutu.local all-routers.mcast.net: igmp leave 224.0.0.252
14:09:24.785573 IP IPG1.tutu.local all-routers.mcast.net: igmp leave 224.0.0.252
14:09:24.788170 IP6 fe80::a8c6:c004:d018:251.49580 ff02::1:3.5355: UDP, length 25
14:09:24.788446 IP IPG1.tutu.local.61967 224.0.0.252.5355: UDP, length 25
14:09:24.896913 IP6 fe80::a8c6:c004:d018:251.49580 ff02::1:3.5355: UDP, length 25
14:09:24.896944 IP IPG1.tutu.local.61967 224.0.0.252.5355: UDP, length 25
14:09:42.189605 IP IPG1.tutu.local.59770 google-public-dns-b.google.com.domain: 61225+ A? www.google.fr. (31)
14:09:42.194543 IP google-public-dns-b.google.com.domain IPG1.tutu.local.59770: 61225 3/0/0 A 173.194.41.55,[|domain]
14:09:42.378885 IP IPG1.tutu.local.56421 google-public-dns-b.google.com.domain: 49131+ A? wpad.tutu.local. (33)
14:09:42.381022 IP IPG1.tutu.local.bootpc 255.255.255.255.bootps: BOOTP/DHCP, Request from ee:b4:77:12:46:40 (oui Unknown), length 300
14:09:42.381247 IP firewall.ipgenius.fr.bootps IPG1.tutu.local.bootpc: BOOTP/DHCP, Reply, length 300
14:09:42.398465 IP IPG1.tutu.local.54954 google-public-dns-b.google.com.domain: 20328+ A? ssl.gstatic.com. (33)
14:09:42.398756 IP IPG1.tutu.local.55282 google-public-dns-b.google.com.domain: 34794+ A? www.google.com. (32)
14:09:42.399292 IP IPG1.tutu.local.62442 google-public-dns-b.google.com.domain: 56847+ A? www.gstatic.com. (33)
14:09:42.400054 IP IPG1.tutu.local.58409 google-public-dns-b.google.com.domain: 50690+ A? apis.google.com. (33)
14:09:42.402225 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [S], seq 1887194521, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
14:09:42.403387 IP google-public-dns-b.google.com.domain IPG1.tutu.local.54954: 20328 2/0/0 A 74.125.133.94, (65)
14:09:42.403728 IP google-public-dns-b.google.com.domain IPG1.tutu.local.55282: 34794 6/0/0 A 74.125.71.106,[|domain]
14:09:42.404148 IP google-public-dns-b.google.com.domain IPG1.tutu.local.62442: 56847 4/0/0 A 173.194.41.55,[|domain]
14:09:42.404959 IP google-public-dns-b.google.com.domain IPG1.tutu.local.58409: 50690 7/0/0 CNAME plus.l.google.com.[|domain]
14:09:42.414079 IP google-public-dns-b.google.com.domain IPG1.tutu.local.56421: 49131 NXDomain 0/1/0 (108)
14:09:42.414202 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49184: Flags [S.], seq 888602616, ack 1887194522, win 42900, options [mss 1430,nop,nop,sackOK,nop,wscale 7], length 0
14:09:42.414342 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [.], ack 1, win 32890, length 0
14:09:42.415316 IP6 fe80::a8c6:c004:d018:251.52455 ff02::1:3.5355: UDP, length 22
14:09:42.415485 IP IPG1.tutu.local.63116 224.0.0.252.5355: UDP, length 22
14:09:42.424547 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [P.], ack 1, win 32890, length 180
14:09:42.436564 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49184: Flags [.], ack 181, win 344, length 0
14:09:42.436780 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49184: Flags [.], ack 181, win 344, length 1430
14:09:42.436886 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49184: Flags [.], ack 181, win 344, length 1430
14:09:42.436926 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49184: Flags [P.], ack 181, win 344, length 1067
14:09:42.436970 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [.], ack 1431, win 32890, length 0
14:09:42.437006 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [.], ack 3928, win 32890, length 0
14:09:42.443820 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [P.], ack 3928, win 32890, length 126
14:09:42.455955 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49184: Flags [P.], ack 307, win 344, length 51
14:09:42.456626 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [.], ack 3979, win 32877, length 0
14:09:42.484097 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [P.], ack 3979, win 32877, length 548
14:09:42.521885 IP6 fe80::a8c6:c004:d018:251.52455 ff02::1:3.5355: UDP, length 22
14:09:42.521912 IP
Re: [pfSense] little problem with pfsense
Grab the packet containing the dhcp request/reply that breaks the win7 client. Wireshark will help you analyze this properly. Sorry, can't help you more than that. Feel free to post a raw dump of the packets that break win7 and I'll take a look.

-lsf
Re: [pfSense] DKIM Re: little problem with pfsense
On Mon, Nov 24, 2014 at 01:35:32PM +0100, Jean-Laurent Ivars wrote:
> Well, thank you for your answer; this is exactly the same result as when I set option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection). But this is a workaround; the real question is why the DHCP server is not providing the right settings?

Maybe the missing information is in a group statement? We noticed that isc-dhcp didn't read the group statement config with a dhcpinform packet whereas it read it with a dhcprequest packet. We sent a patch to the team [ISC-Bugs #35712] in April but no news until now!

diff --git a/server/dhcp.c b/server/dhcp.c index 8039817..775b7af 100644 --- a/server/dhcp.c +++ b/server/dhcp.c @@ -1301,8 +1301,7 @@ void dhcpinform (packet, ms_nulltp) execute_statements_in_scope(NULL, packet, NULL, NULL, packet-options, options, global_scope, host-group, - host-group ? - host-group-next : NULL, + subnet ? subnet-group : ( host-group ? host-group-next : NULL), NULL); host_dereference (host, MDL); }

Sincerely,
-- 
Julien
You have nothing to say... Let's talk about it!
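Review bot: The added argument "subnet ? subnet-group : ( host-group ? host-group-next : NULL)" in the dhcpinform hunk relies on "subnet" being either NULL or a valid, already looked-up subnet at this call, and nothing in the visible context shows where it is declared or assigned; please state that in the patch description or widen the hunk so the initialisation is reviewable. The change also alters the limiting group for every host declaration whenever a subnet is found, because the previous "host-group-next" limit now applies only as the fallback, so a short comment at the call explaining why the subnet's group is the right stopping point for DHCPINFORM would help. Minor style point: drop the space after the opening parenthesis so the expression matches the call around it.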
Re: [pfSense] little problem with pfsense
I have the packet that gives the wrong information but I don't know how to do a raw dump… Maybe you can understand this?

eeb4771246402e659ef70a5408004500014881ed4011795dc0a8fefec0a8fe0a00430044013425c3020106001b507d3bc0a8fe0aeeb477124640638253633501053604c0a8fefe0104ff000f0b697067656e6975732e66720304c0a8fefe0604c0a8fefeff00

Jean-Laurent Ivars
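The check this thread keeps circling (does the reply to the second request carry the same host-specific options as the lease reply?) can be done by decoding both replies and comparing their options. The following is an added example, not code from any poster, pfSense or ISC; it assumes, as Julien's message suggests, that the second request is a DHCPINFORM, and every address, name and packet byte in it is constructed, with hypothetical function names. It also rejects payloads cut short, which is what a 96-byte capture size produces.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPTION_NAMES = {1: "subnet-mask", 3: "routers", 6: "dns-servers",
                15: "domain-name", 51: "lease-time", 53: "message-type",
                54: "server-id", 252: "wpad"}


def ip(text):
    """Dotted quad -> 4 packed bytes."""
    return ipaddress.IPv4Address(text).packed


def parse_bootp(payload):
    """Parse the BOOTP header and DHCP options from a UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        # Options start 240 bytes into the UDP payload, so a frame cut at
        # 96 bytes by the capture never reaches them.
        raise ValueError("short capture or not DHCP: options not present")
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"op": op, "xid": xid,
           "ciaddr": str(ipaddress.IPv4Address(payload[12:16])),
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
           "options": {}}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # End option
            return msg
        if code == 0:                        # Pad option
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option header truncated")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        # A repeated code is concatenated (RFC 3396 long-option encoding).
        msg["options"][code] = msg["options"].get(code, b"") + value
        i += 2 + length
    raise ValueError("options not terminated by End (255)")


def classify(msg):
    """Name a server reply; an ACK without yiaddr answers a DHCPINFORM."""
    mtype = (msg["options"].get(53) or b"\x00")[0]
    if msg["op"] == 2 and mtype == 5:
        # RFC 2131 section 4.3.5: the ACK to an INFORM leaves yiaddr empty.
        return "ACK-to-INFORM" if msg["yiaddr"] == "0.0.0.0" else "ACK-lease"
    return f"op{msg['op']}-type{mtype}"


def option_drift(msg, expected):
    """Return {option name: (expected, received)} for every mismatch."""
    drift = {}
    for code, want in expected.items():
        got = msg["options"].get(code)
        if got != want:
            drift[OPTION_NAMES.get(code, str(code))] = (want, got)
    return drift


def build_reply(ciaddr, yiaddr, options):
    """Build a constructed BOOTREPLY payload (demo input, not captured)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x11223344, 0, 0)
    hdr += ip(ciaddr) + ip(yiaddr) + bytes(8)            # siaddr, giaddr = 0
    hdr += b"\x02\x00\x00\x00\x00\x01".ljust(16, b"\x00") + bytes(192)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return hdr + MAGIC_COOKIE + body + b"\xff"


# Constructed scenario: the static mapping should hand out these values.
HOST_EXPECTED = {6: ip("192.0.2.53"), 15: b"corp.example.test"}
COMMON = [(54, ip("192.0.2.1")), (1, ip("255.255.255.0")), (3, ip("192.0.2.1"))]
LEASE_ACK = build_reply("0.0.0.0", "192.0.2.10", [(53, b"\x05")] + COMMON + [
    (51, struct.pack("!I", 7200)), (6, ip("192.0.2.53")),
    (15, b"corp.example.test")])
INFORM_ACK = build_reply("192.0.2.10", "0.0.0.0", [(53, b"\x05")] + COMMON + [
    (6, ip("192.0.2.1")), (15, b"example.test")])

if __name__ == "__main__":
    for name, raw in (("lease", LEASE_ACK), ("inform", INFORM_ACK)):
        msg = parse_bootp(raw)
        print(name, classify(msg), option_drift(msg, HOST_EXPECTED))
```

To feed it real traffic, capture full frames rather than the first 96 bytes and pass in the UDP payload of each server reply.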
Re: [pfSense] DKIM Re: little problem with pfsense
I think this is exactly the problem I have! I would like to apply this patch to my installation; it seems not to be a big change in the code. Could you tell me how I can do this??

Many thanks

Jean-Laurent Ivars

On 24 Nov 2014, at 14:54, julien soula julien.so...@laposte.net wrote:
> Maybe the missing information is in a group statement? We noticed that isc-dhcp didn't read the group statement config with a dhcpinform packet whereas it read it with a dhcprequest packet. We sent a patch to the team [ISC-Bugs #35712] in April but no news until now!
>
> diff --git a/server/dhcp.c b/server/dhcp.c index 8039817..775b7af 100644 --- a/server/dhcp.c +++ b/server/dhcp.c @@ -1301,8 +1301,7 @@ void dhcpinform (packet, ms_nulltp) execute_statements_in_scope(NULL, packet, NULL, NULL, packet-options, options, global_scope, host-group, - host-group ? - host-group-next : NULL, + subnet ? subnet-group : ( host-group ? host-group-next : NULL), NULL); host_dereference (host, MDL); }
>
> Sincerely,
> -- 
> Julien
Re: [pfSense] DKIM Re: DKIM Re: little problem with pfsense
On Mon, Nov 24, 2014 at 03:32:40PM +0100, Jean-Laurent Ivars wrote:
> I think this is exactly the problem I have! I would like to apply this patch to my installation; it seems not to be a big change in the code. Could you tell me how I can do this??

This is a patch against isc-dhcp v4.3.0. You must get the source, apply the patch with the patch command (or merely modify the code since the change is small) and compile/install as usual.

Sincerely,
-- 
Julien
Re: [pfSense] DKIM Re: DKIM Re: little problem with pfsense
On Mon, Nov 24, 2014 at 11:08:50AM -0600, Jim Thompson wrote:
> On Nov 24, 2014, at 10:20 AM, julien soula julien.so...@laposte.net wrote:
>> This is a patch against isc-dhcp v4.3.0. You must get the source, apply the patch with the patch command (or merely modify the code since the change is small) and compile/install as usual.
>
> it doesn't seem to be patched in ISC's tree.
> https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob_plain;f=server/dhcp.c;hb=HEAD

you're right :(

Sincerely,
-- 
Julien
Re: [pfSense] Revisiting PCIe LTE/4G modems
On Wed, Oct 29, 2014 at 9:51 AM, Ryan Coleman ryan.cole...@cwis.biz wrote:
> I'd love to hear how it goes with the ATT card. I might start deploying some of these for doing time-lapse video controlling of GoPro cameras for major construction sites.

So I've had the ATT card going for 2 weeks now. Other than a reconnect after about 5 days one time, it has stayed connected. And the key point here is that it did just reconnect after detecting that the remote end was not responding to pings. The VZ modem would get into this situation and spend the rest of its days in an unusable state until it was power cycled.

Conveniently (well, exactly the opposite of convenient) we had a comcast outage the day after this was set up and it took over the traffic almost unnoticed by the masses other than being a bit slower. No connection dropping like the VZ modem did every time.

The overall bandwidth is lower than I was able to muster with VZ (about 5Mbps vs 9Mbps with external antennas) but the stability more than makes up for it.

If there was a way to get OpenVPN client to use both CARP redundancy and gateway group, I'd never have to manually intervene when comcast goes down to switch it.
Re: [pfSense] filterdns killing pfsense
On Mon 24 Nov 2014 19:24:55 NZDT +1300, Nishant Sharma wrote:

Thanks. I have observed this happening when there are infected machines in the network that incessantly send web requests. This causes squid to query filterdns which fills all the states and new connections are slow to open. Have a look on state table and you will see most of them from 127.0.0.1 to 127.0.0.1:53.

There is no abnormality in the state table. For the first occurrence of this problem used-states peaked at 170 (RRD, 1 week, 1h average), for the second at 120 (RRD, 1 day, 5 minutes average). For the first time I checked this in the web interface at the time, the second time I couldn't get a web login. The access log shows a client doing web browsing with a request rate of up to something like 20/second for the first. That's normal, pages loading all their CDN and adcr.p references. No activity for the second time(!) in the log, but that seems a bit low. I had increased the squidguard processes from the default 5 to 20 (had to hack the php) to avoid warnings about insufficient processes.

Immediate measure can be not to use dns-forwarder as DNS for the firewall. Sift through squid access log to find out infected machines and sanitise them.

No infected machines present. It is entirely possible that my ISP had DNS or general congestion at the time. However I expect pfsense not to shoot itself when its Internet connection is less than perfect.

As a quick measure I have moved squid + squidguard logs to a different filesystem and changed process limits from

kern.maxfiles: 12328
kern.maxfilesperproc: 11095

to

kern.maxfiles: 15000
kern.maxfilesperproc: 3000

And squid needs its logging sorted:

uniq cache.log cache.log-uniq
wc -l cache.log*
98234680 cache.log
64153 cache.log-uniq

So I am still looking for the cause of this suicidal pfsense box. Any pointers gratefully accepted.

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/
Please do not CC list postings to me.